Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor

Notorious Russian hacking group Turla is using a highly sophisticated backdoor as part of a cyber espionage campaign targeting email servers, ESET researchers have discovered.

The backdoor, dubbed LightNeuron, is the first of its kind “to be directly integrated into the working flow of Microsoft Exchange,” one of the researchers told ZDNet. Once installed, the backdoor provides the attackers with full control over the input and output of a mail server. In other words, threat actors can read, modify, redirect and block emails sent to the server.

LightNeuron is the most powerful backdoor ever to target mail servers and has been used by Turla since 2014. It was discovered by Kaspersky Lab in mid-2018, but ESET is the first firm to publish a proper analysis of the hacking tool. The Russian advanced persistent threat (APT) group is using LightNeuron as part of an ongoing campaign that has already hit at least three organizations, according to ESET, including the Foreign Affairs Ministry of an unidentified country in Eastern Europe.

OODA Analyst